dsullivan54
How do I clean Malware that is hijacking my browser search results?
My Google search results are hijacked in all three browsers installed on my PC, Firefox, Chrome and IE 8. I am also getting the "Congratulations You Won" and "Oh my god no way" audio randomly played.
Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:58 PM, on 7/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HDAudPropShortcut.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Malwarebytes' Anti-Malware\DCSmbam.exe
C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32 .exe
C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Logitech\QuickCam\Quickcam .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\Logitech Vid\Vid .exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\mpf\mpfalert.exe
C:\Documents and Settings\HP_Administrator\Desktop\DCSHijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518021008.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Drobo Dashboard.lnk = C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://www.vbgov.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174613569093
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCScheduler - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\cbp\DCSchdlerSRVC.exe
O23 - Service: Drobo Dashboard Service (DDService) - Data Robotics, Inc. - C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: File Backup Agent (FBAgent) - Farstone Technology Inc. - C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: DCNTranProc (Tran_Process_Proc) - Unknown owner - C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
--
End of file - 17883 bytes
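A log like the one above is normally read by eye, entry type by entry type. As an added example, not code from this thread or from Trend Micro, here is a small Python triage pass over HijackThis-format lines that pulls out the entries a responder checks first for a search hijack: R0/R1 start and search pages that point anywhere other than the stock go.microsoft.com links shown in the log, O15 Trusted Zone sites, O18 protocol handlers whose file is missing, and O4 autorun commands launched from outside the Windows and Program Files folders. The allowlists are assumptions for the demonstration, and the sample lines are constructed (the hijacked search host is a placeholder on the reserved .invalid domain), not indicators from this log.

```python
"""Triage pass over Trend Micro HijackThis v2 log lines.

Added example, not code from the thread or from Trend Micro. It parses the
line kinds that appear in the log above (R0/R1, O4, O15, O18) and flags the
entries a responder would look at first. The allowlists are assumptions.
"""
import re
from urllib.parse import urlparse

# The log above shows IE 8's stock start/search pages on go.microsoft.com;
# any other host in an R0/R1 entry is treated as a possible search hijack.
EXPECTED_R_HOSTS = {"go.microsoft.com"}

# Folders an O4 autorun command is expected to live under (assumption). A
# command launched from a user profile, Temp or the root of C:\ gets reviewed.
EXPECTED_RUN_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

R_LINE = re.compile(r"^(R[01]) - (.+?) = (https?://\S+)$")
O4_LINE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[(.+?)\] (.+)$")
O15_LINE = re.compile(r"^O15 - Trusted Zone: (\S+)$")
O18_LINE = re.compile(r"^O18 - Protocol: (\S+) - \{[0-9A-Fa-f-]+\} - (.+)$")
# First executable-looking path in an unquoted command; RUNDLL32 lines point at the DLL.
EXE_RE = re.compile(r"^(?:rundll32\.exe\s+)?(.+?\.(?:exe|dll|scr|cmd|bat))", re.IGNORECASE)


def command_path(command):
    """Return the file an O4 command launches, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def triage(lines):
    """Return [(severity, reason, line)] for the log lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            host = (urlparse(m.group(3)).hostname or "").lower()
            if host not in EXPECTED_R_HOSTS:
                findings.append(("high", f"{m.group(1)} start/search page points at {host}", line))
            continue
        m = O15_LINE.match(line)
        if m:
            findings.append(("medium", f"{m.group(1)} is in the IE Trusted Zone", line))
            continue
        m = O18_LINE.match(line)
        if m:
            if "(file missing)" in m.group(2):
                findings.append(("low", f"protocol handler {m.group(1)} has no backing file", line))
            continue
        m = O4_LINE.match(line)
        if m:
            path = command_path(m.group(3)).lower()
            if "\\" in path and not path.startswith(EXPECTED_RUN_PREFIXES):
                findings.append(("medium", f"autorun [{m.group(2)}] launches from {path}", line))
    return findings


# Constructed sample: one stock entry per kind plus one of each pattern that is flagged.
# The R1 host and the Temp autorun are placeholders, not indicators from the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\update.exe" /s
O15 - Trusted Zone: http://www.excite.com
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip().splitlines()

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against a real log, `triage(open("hijackthis.log").read().splitlines())` lists only the flagged entries; a Trusted Zone or user-profile autorun finding is a prompt to verify the entry (the Google Update entry in the log above is a legitimate example of the latter), not a verdict on its own.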
ASKER
Ran both Malwarebytes and Combofix. Both found and deleted a number of problems but I am still getting browser redirects to Google search results.
ASKER CERTIFIED SOLUTION
As optoma had already suggested, run TDSSKiller.
TDSSKiller
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Here's an article on search engine hijackers.
"Google Hijack" - Google Search gets redirected
https://www.experts-exchange.com/Virus_and_Spyware/Latest_Threats/A_3299-Google-Hijack-Google-Search-Gets-Redirected.html
ASKER
Here's the ComboFix log. After running ComboFix and Malwarebytes, I downloaded and installed Microsoft Security Essentials; I had been using McAfee Anti-Virus Plus. The Microsoft Security Essentials full scan identified and cleaned about a dozen other problems that had not been identified by the other utilities. After a reboot and a second clean scan, all seems to be working fine. I have not run TDSSKiller, since things look good right now. Thanks, optoma, for getting me going with the utilities, and I appreciate rpggamergirl for providing the article link.
ComboFix.txt
All the suggestions are good ones and I also recommend the same, but you might also want to try another shot in the dark... the most obvious...
Clear all your caches! Each browser may have different cache folders, so make sure you check them all... and also clear all your cookies... When cookies go bad, mommy throws them out!
It may help... Good luck!
dsullivan54,
A script still needs to be run, you're too quick closing this question.
ComboFix had deleted a lot of bad files there, you really should've at least awarded some points to dauman who suggested ComboFix in the first place, since you didn't even use the TDSSKiller that optoma had suggested.
@ dauman,
There's no doubt that you deserve some points. If you want to, just hit that "Request Attention" button for the Mods to redistribute points.
ASKER
My apologies to dauman - rpggamergirl is correct and I should have awarded you points for this fix since the suggested solution first came from you. If you want to "Request Attribution", I am happy to support that. Yesterday was a long day and night trying to get the problem addressed and I did close it too quickly. This was my first question posted to Experts as most often I have my solutions already in existence by just searching. Thanks to all of you for your quick response and solid advice.
I did run the TDSSKiller script and it found no issues. I have attached the log. Things still appear to be working just fine. Thanks again everyone for all of the help.
TDSSKiller.2.4.0.0-01.08.2010-16.txt
download Malwarebytes:
http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
update and run it.
also you can run ComboFix by downloading it from:
http://www.bleepingcomputer.com/download/anti-virus/combofix
run together, they should be able to fix it.
also check your hosts file.
c:\windows\system32\driver
there should be only 1 entry in there - like
127.0.0.1
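The hosts-file check in the post above can be automated so that nothing beyond the stock localhost line slips past a tired eye. The Python below is an added example, not the poster's code: it reports any entry that pins a real site to the loopback address (the pattern that silently blocks update or vendor sites) or maps a site to some other address (the pattern that redirects search traffic). HOSTS_PATH is the standard Windows location, not taken from the post; the sample content is constructed, using a documentation-range address and a placeholder name on the reserved .invalid domain.

```python
"""Audit a Windows hosts file for entries beyond the stock localhost mapping.

Added example (not the poster's code) for the hosts-file check in the last
post above. HOSTS_PATH is the standard location on Windows; the sample file
content is constructed, with a documentation-range address and a placeholder
name standing in for whatever a hijacker might add.
"""
import ipaddress

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Names that legitimately map to the loopback address. Anything else is reported.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return [(reason, line)] for every hosts entry that is not the stock localhost line.

    Two patterns matter for a search hijack: a real site (a search engine, an
    update or AV vendor) pointed at a foreign address, and a site pinned to
    127.0.0.1 so that it can no longer be reached.
    """
    findings = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        if not entry:
            continue
        parts = entry.split()
        if len(parts) < 2:
            findings.append(("malformed entry", raw))
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append(("first field is not an IP address", raw))
            continue
        names = [n.lower() for n in parts[1:]]
        if addr.is_loopback:
            blocked = [n for n in names if n not in LOOPBACK_NAMES]
            if blocked:
                findings.append((f"{', '.join(blocked)} pinned to loopback (site unreachable)", raw))
        else:
            findings.append((f"{', '.join(names)} redirected to {addr}", raw))
    return findings


def audit_hosts_file(path=HOSTS_PATH):
    """Read the live hosts file and audit it (errors='replace' copes with odd encodings)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: the stock Microsoft header and localhost line plus two
# lines of the kinds a hijacker adds. 192.0.2.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.example.invalid
192.0.2.10      www.google.com
"""

if __name__ == "__main__":
    for reason, line in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason}: {line}")
```

A clean Windows XP hosts file yields an empty list; the file is also a common place for a hijacker to hide because it is consulted before DNS, so an empty result here is worth confirming after any cleanup.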